Ryan, Paul ORCID: 0000-0003-0770-2737 and Brennan, Rob ORCID: 0000-0001-8236-362X (2022) Support for enhanced GDPR accountability with the common semantic model for ROPA (CSM‑ROPA). SN Computer Science, 3. ISSN 2661-8907
Abstract
The creation and maintenance of Registers of Processing Activities (ROPA) are essential to meeting the General Data Protection Regulation (GDPR) and thus to demonstrate compliance based on the GDPR concept of accountability. To establish its effectiveness in meeting this obligation, we evaluate an ROPA semantic model, the Common Semantic Model–ROPA (CSM–ROPA). Semantic models and tools represent one solution to the compliance challenges faced by organisations: the heterogeneity of relevant data sources, and the lack of tool interoperability and agreed common standards. By surveying current practice and the literature we identify the requirements for GDPR accountability tools: digital exchange of data, automated accountability verification and privacy-aware data governance. A case study was conducted to analyse the expressivity and effectiveness of CSM–ROPA when used as an interoperable, machine-readable mediation layer to express the concepts in a comprehensive regulator-provided accountability framework used for GDPR compliance. We demonstrate that CSM–ROPA can express 98% of ROPA accountability terms and fully express nine of the ten European regulators' ROPA templates. We identify three terms for addition to CSM–ROPA, and we identify areas where CSM–ROPA relies on partial matches that indicate model limitations. These improvements to CSM–ROPA will provide comprehensive coverage of the regulator-supplied model. We show that tools based on CSM–ROPA can fully meet the requirements of compliance best practice when compared with either manual accountability approaches or a leading privacy software solution.
Metadata
Item Type: | Article (Published) |
---|---|
Refereed: | Yes |
Additional Information: | Article number: 224 |
Uncontrolled Keywords: | Register of Processing Activities; Data Protection Officer; RegTech; Semantic Web; Accountability |
Subjects: | UNSPECIFIED |
DCU Faculties and Centres: | DCU Faculties and Schools > Faculty of Engineering and Computing > School of Computing Research Initiatives and Centres > ADAPT |
Publisher: | MDPI |
Official URL: | https://doi.org/10.1007/s42979-022-01099-9 |
Copyright Information: | © 2022 The Authors. |
Funders: | Open Access funding provided by the IReL Consortium, Uniphar PLC., SFI Research Centres Programme (Grant 13/RC/2106_P2), European Regional Development Fund |
ID Code: | 27759 |
Deposited On: | 21 Sep 2022 16:04 by Thomas Murtagh. Last Modified 24 Mar 2023 14:36 |
Documents
Full text available as: PDF (1MB), Creative Commons: Attribution 4.0